BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

New eEye Zero-Day Tracker Site is Up!

Posted September 22, 2010    Marc Maiffret

We are excited to announce the re-launch of our Zero-Day Tracker service. The Zero-Day Tracker, or ZDT, is your one-stop resource for an at-a-glance view of existing Zero-Day vulnerabilities. This includes descriptions of the extent and impact of the vulnerability and any potential mitigation that your IT team could take against a given Zero-Day vulnerability.

The ZDT is also an important tool to hold technology companies accountable. eEye has long believed that we are not only striving to provide IT folks the best Vulnerability Management solutions to combat vulnerabilities within their own organizations, but also that we must all work as a community to hold technology companies accountable for the timely and responsible fixing of security vulnerabilities.

As you’ll see on the eEye ZDT website, the number of Zero-Day vulnerabilities is certainly not slowing down. Maybe even more disconcerting is the fact that some vulnerabilities in the list have been known for months – a stark reminder that some technology companies will simply leave Zero-Day vulnerabilities unpatched for a period of time.

In addition to the dramatic increase in Zero-Day vulnerabilities, we’re also seeing an increase in the usage of Zero-Day vulnerabilities within common widespread cybercrime attacks rather than the norm of silent targeted attacks. These trends should serve as a reminder that in order to effectively secure your organization in today’s threat landscape, you must operate under the assumption that there are unpatched vulnerabilities that can affect your organization. It’s critical to ask yourself honestly if you’ve implemented technologies, configurations, and processes that go above and beyond the reactive security of traditional anti-virus, firewall, and intrusion detection technologies.

I personally invite you to take advantage of this newly launched service from the eEye Research Team. Please use it not only as a resource for yourself, but also as a shared tool to collectively hold technology companies accountable. At eEye, we’ve seen firsthand the power of the IT Security community to change the culture of security even at a company as large as Microsoft. So, in an effort to work together, please send us an email at research@eeye.com, if you know of a current or previously patched Zero-Day that’s not listed on our ZDT website. We will be sure to add it.

Look for more resources and tools from us over the coming months, as we continue to push for accountability across all technology companies. Let’s work to establish a new standard where they put security first and features second.

Tags:
, , , ,

Leave a Reply

Additional articles

6

A Quick Look at MS14-068

Posted November 20, 2014    BeyondTrust Research Team

Microsoft recently released an out of band patch for Kerberos.  Taking a look at the Microsoft security bulletin, it seems like there is some kind of issue with Kerberos signatures related to tickets. Further information is available in the Microsoft SRD Blogpost So it looks like there is an issue with PAC signatures.  But what…

Tags:
, , , ,
Password Game Show

Managing Shared Accounts for Privileged Users: 5 Best Practices for Achieving Control and Accountability

Posted November 20, 2014    Scott Lang

How do organizations ensure accountability of shared privileged accounts to meet compliance and security requirements without impacting administrator productivity? Consider these five best practices…

Tags:
, , , , , ,
Triggering MS14-066

Triggering MS14-066

Posted November 17, 2014    BeyondTrust Research Team

Microsoft addressed CVE-2014-6321 this Patch Tuesday, which has been hyped as the next Heartbleed.  This vulnerability (actually at least 2 vulnerabilities) promises remote code execution in applications that use the SChannel Security Service Provider, such as Microsoft Internet Information Services (IIS). The details have been scarce.  Lets fix that. Looking at the bindiff of schannel.dll, we see a…

Tags:
, , , , ,